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CLAIMS: 

1 . A method for assembling a fragmented packet with a firewalling device, 
comprising: 

receiving fragments of the packet to the firewalling device; 
sorting the fragments according to the packet and order of the fragments; 
storing the fragments in association with the packet and in order; 
collecting all the fragments to reconstitute the packet; and 
assembling the fragments in order to reconstitute the packet. 

2. The method, according to claim 1 , further comprising: 

obtaining source and destination address information for the fragments; 

and 

determining if the source and destination address information of the 
fragments matches. 

3. The method, according to clairn 1 , further comprising determining if the 
fragments have a valid checksum. 

4. The method, according to claim 1 , wherein the sorting comprises obtaining 
packet and fragment identifiers. 

5. The method, according to claim 4, further comprising determining if any of 
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the fragments needed to reconstitute the packet have not been stored. 

6. The method, according to claim 5, further comprising determining if the 
fragments stored collectively exceed a communication length threshold. 

7. The method, according to claim 6, further comprising purging the fragments 
responsive to the communication length threshold being exceeded. 

8. The method, according to claim 7, further comprising starting a timer in 
association with an initial one of the fragments received by the firewalling device. 

9. The method, according to claim 8, further comprising checking whether all 
the fragments needed to reconstitute the packet have not been received to the 
firewalling device within a threshold time period. 

10. The method, according to claim 1 , wherein the storing comprises 
overwriting one of the fragments with a subsequently received fragment. 

11. A method for assembling a fragmented packet within a firewalling device, 
comprising: 

obtaining fragments of the packet by the firewalling device, each of the 
fragments having a packet identifier and a fragment identifier, each of the 
fragments have a source address and a destination address; 

determining if the source address and the destination address is currently 
stored in association with the packet identifier; 

reserving buffer memory space and starting a timer responsive to the 
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source address and the destination address not being currently stored; 

responsive to tine source address and the destination address being 
currently stored, determining for each of the fragments subsequently received 
after receipt of an initial fragment with the packet identifier whether a respective 
checksum for the fragments subsequently received is valid; 

sorting the fragments according to the packet identifier and the fragment 
identifier; and 

storing the fragments in the buffer memory space reserved in association 
with the packet identifier and in order according to the fragment identifier. 

1 2. The method, according to claim 1 1 , further comprising: 

determining if all the fragments to reconstitute the packet have been stored; 

and 

reconstituting the packet according using the fragments stored for the 
packet. 

1 3. The method, according to claim 12, further comprising determining if any of 
the fragments needed to reconstitute the packet have not been stored. 

14. The method, according to claim 12, further comprising determining if the 
fragments stored collectively exceed a communication length threshold. 

15. The method, according to claim 14, further comprising clearing the buffer 
memory space reserved of any of the fragments responsive to the communication 
length threshold being exceeded. 
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16. The method, according to claim 15, further comprising checking whether all 
the fragments needed to reconstitute the packet have not been obtained by the 
firewalling device within a threshold time period. 

17. The method, according to claim 16, further comprising clearing the buffer 
memory space reserved of any of the fragments responsive to the threshold time 
period being exceeded. 

18. The method, according to claim 12, wherein the packet is reconstituted 
prior to interrogation. 

19. The method, according to claim 1 1 , wherein the fragments are physically 
stored in order within the buffer memory space reserved. 

20. The method, according to claim 1 1 , wherein the fragments are logically 
stored in order within the buffer memory space reserved. 

21 . The method, according to claim 1 1 , wherein the fragments are Internet 
Protocol version four formatted packets. 

22. An apparatus for assembling fragments, comprising: 

first combinatorial logic for receiving a communication configured to: 

determine status of the communication including identification of 
fragmented communication units, the fragmented communication units including 
constituent parts of a unit of communication; 

sort the fragmented communication units according to 
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communication unit and fragment order; 

memory for storing the fragmented communication units as sorted; 

second combinatorial logic to reconstitute the unit of communication in the 
order stored responsive to obtaining all the fragmented communication units for 
reconstitution of the unit of communication. 

23. A system for assembling fragments, comprising: 
a host processing unit; 

system memory coupled to the host processing unit; 

a network interface coupled to the host processing unit, the network 
interface including a network processing unit, the network processing unit 
including: 

first combinatorial logic for receiving a communication configured to: 

determine status of the communication including identification 
of fragmented communication units, the fragmented communication 
units including constituent parts of a unit of communication; 

sort the fragmented communication units according to 
communication unit and fragment order; 

local memory for storing the fragmented communication units as 

sorted; 

second combinatorial logic to reconstitute the unit of communication 
in the order stored responsive to obtaining all the fragmented 
communication units for reconstitution of the unit of communication. 



58 



NVDA P000701 US 



PATENT 



24. The system, according to claim 23, wherein the host processing unit is part 
of a personal computer. 

25. The system, according to claim 23, wherein the host processing unit is part 
of a firewalling device. 

26. A signal-bearing medium containing a program which, when executed by a 
processor of a firewalling device, causes execution of a method comprising: 

sorting fragments according to packet identifier and fragment identifier with 
the firewalling device; 

storing the fragments in association with the packet identifier and the 
fragment identifier in local memory of the firewalling device; and 

assembling by the firewalling device the fragments to reconstitute the 
packet. 

27. An apparatus for assembling fragments, comprising: 

first means for receiving a communication, the first means configured to: 

determine status of the communication including identification of 
fragmented communication units, the fragmented communication units including 
constituent parts of a unit of communication; 

sort the fragmented communication units according to 
communication unit and fragment order; 

memory for storing the fragmented communication units as sorted; 

second means for reconstituting the unit of communication in the order 
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Stored responsive to obtaining all the fragmented communication units for 
reconstitutlon of the unit of communication. 
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